[gnutls-help] use certtool to manage a own CA

A L mail at lechevalier.se
Mon Feb 10 19:47:30 CET 2014

I believe you specify this in the template.cfg
(http://gnutls.org/manual/html_node/certtool-Invocation.html at the
bottom of the page)

   serial = 001
   crl_number = 1

If you omit the serial option, a time based serial will be generated. Do
you need anything else than a random number? For CRLs, it should be easy
enough to script or handle manually.

Doesn't OpenSSL handle this in a psuedo-scripted way anyway with CA.pl
or CA.sh ? Anyway you can use -set_serial or -CAcreateserial


On 2014-02-03 10:30, Randy Li wrote:
> Hello,
> I use openssl to create and verify the certificate before, now I want to
> switch to gnutls.
> I find that it seems that certtool won't record the verified certificats
> and update the serial number or
> crl number like openssl. So I have to do that in hand?
> ayaka

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140210/79b2f555/attachment.html>

More information about the Gnutls-help mailing list